Description
EspoCRM 6.1.6 and prior suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images. This issue was fixed in version 6.1.7 of the product.
Remediation
References
Related Vulnerabilities
MySQL CVE-2023-22015 Vulnerability (CVE-2023-22015)
Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-15698)
WordPress Plugin verwei.se-WordPress-Twitter Cross-Site Scripting (1.0.2)
Dolphin Other Vulnerability (CVE-2006-4189)
WordPress Plugin WP-Spreadshirt-Gallery Cross-Site Scripting (1.3)